The development of an application for data privacy by applying an audit repository based on IHE ATNA.

It is necessary to optimize workflows and communication between institutions involved in patients' treatment to improve quality and efficiency of the German healthcare. To achieve these in the Metropolregion Rhein-Neckar, a personal, cross-institutional patient record (PEPA) is used. Given the immense sensitivity of health-related information saved in the PEPA, it is imperative to obey the data protection regulations in Germany. One important aspect is the logging of access to personal health data and all other safety-related events. For gathering audit information, the IHE profile ATNA can be used, because it provides a flexible and standardized infrastructure. There are already existing solutions for gathering the audit information based on ATNA. In this article one solution (OpenATNA) is evaluated, which uses the method of evaluation defined by Peter Baumgartner. In addition, a user interface for a privacy officer is necessary to support the examination of the audit information. Therefore, we will describe a method to develop an application in Liferay (an OpenSource enterprise portal project) which supports examinations on the gathered audit information.